The 8 Most Critical Security Threats to Mobile Devices in 2021

By Haseeb Awan

Many firms pursue mobile efforts since research suggests increased mobility helps businesses enhance operations and efficiency.

On the other hand, increases in organizational mobility usually result in a spike in the number of smartphones accessing networks from afar. This means many more endpoints to defend, and more risks to manage, to keep your company safe from a security breach.

Mobile applications were another area that had trouble last year, while the world was focused on supply-chain breaches. Mobile applications will have over 200 billion downloads by 2022, creating a complicated attack surface. One-quarter of businesses surveyed by Verizon reported suffering a data breach due to mobile devices or IoT.

A review of the top mobile security breaches from 2021 provides insight into what to anticipate in 2022. The phone app exposures made the news, ranging from business heavyweights like Slack and Amazon Ring to CBP and US Customs.

This article will discuss the eight most highlighted and critical mobile security threats of 2021 that organizations encountered.

2021's Top Nine Mobile Security Breaches

Slack Mobile Application Exposing User's Credentials

Slack is a popular workplace collaboration app with a daily user base of over 12 million people. Unfortunately, in 2021, the app exchanged more than just opinions. As revealed in January, a problem in its Android application logged clear-text usernames and passwords on smartphones. Exposed customers were instructed to reset their passwords and delete their app data records.

1. Amazon Ring App Data Breach

The Amazon Ring App had around 10 million users in 2020. A security issue in January 2021 revealed that the app was exposing the address and precise location of people who had posted to it. Even though user postings are public, the app usually does not provide exact locations. The issue didn't show details to app users, but it did capture sensitive information such as the user's longitude, latitude, and residential address.

2. Android Apps Leaking Sensitive Data of Millions of Users

Since its launch, Google's Play Store has been bombarded with new apps. Developers from different countries introduce their apps to the Play Store, but only a few consider security. So, what happens when app developers overlook communication security?

Among the most critical mobile breach stories of 2021, the buzz that the Android data leak received was uncanny. Around 13 prominent Android apps exposed the personal data of up to 100M users in April 2021. Third-party cloud services were not adequately secured, revealing personal information such as emails, text messages, credentials, and images.

3. Apple iMessage Zero-Day Affecting 900 Million Devices

Apple addressed a zero-day bug in iMessage in 2021. This bug exposed all of its 900M active users of MacBooks, Apple Watches, iPhones, and iPads to malware from the NSO Group. Apple's zero-day incident is one of the greatest mobile thefts of the year. NSO made use of the flaw to snoop on political activists.

4. Remote Code Execution on ShareIt App

In February 2021, ZDNet revealed that the developers of the SHAREit app had overlooked a flaw that could be used to launch a malicious script on people's phones. The bug was eventually corrected by SHAREit, but not before the code was distributed to millions.

5. ParkMobile Breach Affecting 21 Million Users

KrebsOnSecurity discovered data of up to 21M users of a parking app on sale on a black market in 2021. ParkMobile's developers noticed that third-party software had exposed personal information such as client email lists, contact information, and license plate numbers. For disclosing user data, ParkMobile is now facing a class-action suit.

6. Klarna Payment App Revealing User Balances

In May 2021, a security issue in Klarna's banking app created extensive customer anxiety. Clients of the application temporarily saw other users' bank details rather than their own. According to the Klarna revelation, data was cached abruptly due to a human error. The event happened shortly after Klarna received new financing of $639M.

7. COVID Passport App Exposing Users

Portpass, a Canadian COVID vaccination passport app, has had 650,000 users' personal information compromised by hackers. On its site, anybody can view profiles, and the smartphone app saves personal information in plaintext.

8. Passport Control Apps Leaking 10 Million Travelers' Data

Six US CBP smartphone passport check apps disclosed PII (Personally Identifiable Information), compromising the personal details of up to 10M travelers. The CBP missed scanning 91 percent of application upgrades made between 2016 and 2019 for flaws, according to an analysis.

What to Expect in 2022?

Companies lost billions of dollars in income, repair costs, brand image damage, and more due to mobile breaches in 2021. Sadly, violations of this nature will persist through 2022.

Most of those aches and pains will be caused by unsafe coding methods and a lack of appropriate testing. By monitoring apps through the SDLC (software development life cycle) and discovering issues sooner, security teams can significantly minimize their risks. Doing so will help secure them from a significant mobile app intrusion in 2022. It will also assist in tracking all mobile applications in production.

The key points we have learned from 2021's incidents are:

  1. Developers should consider security while coding as their top priority.
  2. Network admins should secure the infrastructure to avoid loopholes in the system and potential cyber attacks like MiTM (Man in The Middle).
  3. End-users should get anti-malware and antivirus protection for their devices to secure them from malicious activities like data theft.
  4. End-users should read an app's privacy controls before installing it and limit its access to private data.
  5. End-users should not download any malicious apps on their phones.
  6. Data encryption is essential to avoid any critical private and corporate data leaks.

Eventually, the responsibility falls on everyone from top to bottom to take the necessary steps in securing mobile applications, data, and our privacy.

Besides phone data security, your phone number security is just as important. Efani provides guaranteed protection from SIM swap and secures your phone number from hackers' attempts. Reach out to our experts today to get a quote.
